The Heartbleed Bug Is Mostly Fixed, But There Are Still More Than 20,000 Websites Vulnerable

Business Insider While many websites have already updated their systems to address the Heartbleed bug — one of the biggest security vulnerabilities the Web had seen in years — there are still a handful of websites left susceptible to the problem.

Chances are, most of the important websites you're using on a daily basis have applied the necessary updates to patch the vulnerability.

Internet security firm Sucuri ran a systematic scan of the top 1 million websites as determined by Alexa Internet, according to a blog post from the company first spotted by Re/code.

The top 1,000 websites have been updated and are all completely safe. This category includes major Web services and social media outlets such as Google, LinkedIn, Twitter, Facebook, and Wikipedia.

Only 53 of the top 10,000 websites are still vulnerable, according to data from Sucuri's scans. The company didn't reveal which websites are still susceptible to Heartbleed, but chances are they're not websites you're using on a regular basis.

However, there's a sizeable chunk of the Web that's still being affected by the Heartbleed vulnerability. Of the top 1 million websites, 2% are currently vulnerable to the security flaw. That means that more than 20,000 websites are still affected by the Heartbleed bug. Again, Sucuri didn't name any specific websites, but the more popular a site is the better chance there is of it having been fixed.

If you're unsure whether or not one of your favorite websites is still being affected by Heartbleed, use this test site to run a scan and check whether it's been fixed.

The Heartbleed bug is a security flaw with OpenSSL, a popular encryption standard used by a giant portion of the Web. The bug can allow an attacker aware of the flaw to trick a server into spilling out data from its memory, which can include personal information such as passwords and credit card numbers.

Although many of the major sites have updated their servers to a newer version of OpenSSL that isn't vulnerable to the bug, it's still a good idea to change your passwords.